Live chat

Chargify is Secure Billing
Software

At Chargify, security is of paramount importance in every action and decision we make. Remaining constantly vigilant, we continually improve and extend the security of our application and the protection of the data entrusted to us.

Chargify is a PCI Service Provider Level 1

We are audited each year by a PCI-certified Qualified Security Assessor to ensure that we have established and maintain the appropriate security practices prescribed by the Payment Card Industry Data Security Standard for a service handling sensitive payment cardholder data.

Download Chargify's compliance validation.

Enforced standardized SSL encryption for all communication

We go to great lengths to keep your data safe and secure. You should never log in to Chargify over an unencrypted connection and you should never communicate with the Chargify application or API without using an HTTPS URL.

Persistent protection and safety scanning

We are continually evaluating our security and looking for ways to improve. We undertake the following tasks on a regular basis:

  • Scan both our internal and external networks to ensure that we have secured against known vulnerabilities.
  • Audit our codebase for possible security flaws.
  • Patch third-party software and services as vulnerabilities are found and fixed.
  • Subject our application to “penetration testing” by skilled and ethical “hackers.”

Full disclosure

If you believe you have discovered a potential flaw in any area of our security measures, we ask that you share the infomation with us first!  We ask you to retain secrecy of your findings until we have remediated the issue.  Once the flaw has been fixed, you are free to disclose your results as you see fit.

The Chargify disclosure program is managed through Bugcrowd. To see the terms of the program and participate, go to Bugcrowd and sign up as a tester. You will need to accept the Chargify terms of service to engage in testing. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

PGP Key

We provide a PGP key to encrypt sensitive communication that you send to us:

  • Key ID: C0610A6C
  • Key type: RSA
  • Key size: 4096
  • User ID: security@chargify.com
  • Fingerprint: 5D52 A73E 65F9 64C9 23AC CC70 CCD9 B573 C061 0A6C
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFWb9HYBEADOlLM0hdn6Cmq4mAfBp099d5nx/a55feyTivo7tplycgP/SgPw
omEytvTL7LQT+CbJepyBhQa+Ay3U/ZvAj6ERPte1ljZdgHV35kiHFECY7iiwsGvO
+gQkgkxUQMknCkEFwXnJni7RKfIYixt0f2t5fHHsG6Umgl2yw/CKU1bwyULXXFhz
IAC4ZtFiWFOL+S3EWoGPSt76bbqscPBaNqD50Dj4AFkt6GbzcLrmsZSgdXKtFsWB
ZHPxt5VH2GcPiMtR22Ups2GaCQ1ZQa5CKhJPcKJdbpDiw5Nkm85pAp347Q2unPWb
YXOmicijmn+UlPudwlxn8OEySSCG/vKR3c0QKbilfLagIGZXd8cVL1Zze4JxANTo
DEEvSD5E7B17gNH9qChBqcIONN1sj9K/eghxwOaYBzvJxdp5vzF4FaYim60FJnEh
zO46chzRfHbHnJ2sfS/KvpE9jV11+fLJoxXvgcPWpqVtWs9aUVziitLKoYTwo2Tx
Tne6+cx4sOVyFDGjSxoZyGfZckGv3LjEQhNNMaggeWvkQqbnL8c2WOwXZ8xckJYC
e2osR9r1+9dg12I4nBzmF+JgTdAMJ3efqSDtUplFuL1Dm/E+jmz3qd7m9+H+iaQ4
l6XtxJG43zqMdwSLt6L08baEebijV/EUa9zDzXvj+24vzKadnIlpoPXuaQARAQAB
tClDaGFyZ2lmeSBTZWN1cml0eSA8c2VjdXJpdHlAY2hhcmdpZnkuY29tPokCPgQT
AQIAKAUCVZv0dgIbAwUJAeEzgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
zNm1c8BhCmzkjxAAmvwfmMCbbkoi/wTjXkXnf9mXryY3jUtUQmNyK/aWQPnybLGr
VlRYbCM7oMJGTi0ifHS8zYn88FcTsYMfzGaIePzgWMdBXWZvpVMtErqiK14wRLQg
cANjLhsrs28Fx3xFPNkG8faOFyAxahQmsHz2WDnazXMy8Bmzv81yeqtxjX1m4+OZ
fng+V5zSF5WJDJQpxq1nqH3QeG55BwNf07A3zPegG9kCsJQL1pgekB8Gl5M8mLau
vDA+RsQpHHjQurjxlLSbeC7oE5BHSYH2MTaQ0Jnx/jJBfLwe0k7C6xVEbChxObsN
NvjnB3U6zWUBMsbdaaqaIk5p2m6567FGbSDo+Luxj/J4b1k4HgADciMURjmTKQNR
oYoY12x+bJ4tS+04/Kh5Go07jgRJ7/e7+zO+C0/E2JQCYzwmWW4PLPK31KtpYqOJ
nk2YXMLMK4mqX8mvvQ3/z3WeqkUSgrzvem+YwFlAegDnfn6TAV293fDdYgvLm29m
ANOzN7IOgc1vushxa34gSVwlWuX+cznbPRQkrnBkAhXPATBmxdTrHRN6eef1rPId
BgYLuQbTw+9Uo/lG/sIQ8zRy/85aBXD4XRbK8jRB3E8aIJpwsZpeZJpeDtb0RxK4
g7Sg3MXWMioojhxkqbljw7gYd6vgNGP9QYFGPE2gmmSJzCCluvwOBsrP0zq5Ag0E
VZv0dgEQAO6W/T1eHNUl5an2hcj/hFqQU0qNzBC5KviQAv5xIlcKSI8WyIrRCQ0w
TVc2CXBvts9IBb/J8VAbJzBC+IOp6TaMSgyld//Qug8gpALq/d7O+P2Yzguk1cF5
qUe0MkT4LcUPEy80MehkcTMn/2qLgtBq187hUym8tgmGJX60c7940eaBTKINMaiA
EFQb4loohMis6Yq4s+qilFWOHY7736UtiVOKtjrsDCLltY+TO3jK3BjgavSAKuv7
4xNcxIVpyGJDBj2Va+XAN3fEgCd4T9jSzw7ft9RAtcod00y+Mm/hwmJ+pqI6ng7X
9segajsShloSGV6I+K8mNlxnWj0WfsBQbNoaYxpx4MVavlGkIJR5zPHsQemVppVQ
G43GeeSSmmBwxU9ZRSy9GHIQY6osaQS2WsZ0glfU46zt4UcJufYpPvL9HQeWwsPE
Vw5zFzJgPyqUSibm4TqVtQSO43v4rm0/4LRCGYr9BeNuJjOqZ5El/X3QKHXZAS0e
1sflW1qdkhD3zSz2f5ia0S/NvHjQWbtVe8oxNiU6KKnqNV2INHdCreAQyKn3fkf8
9ZhoY9x1OAnQ+Eqdpyzr8F09qumQYdLqKud9nPpzA8qm0mxpR3OGrCVhc+CiTGSG
hYYlpFcYRZCLiQdAangpbGDECGeFqGYsXtQdVbbVqrUr/BLccMUlABEBAAGJAiUE
GAECAA8FAlWb9HYCGwwFCQHhM4AACgkQzNm1c8BhCmxJSBAAwcQ6MgLf4K85ZNUw
eIEixsc5bv4nL+I4Zngp9HWpsRapkE6i9Nn5eTgDN2mr1F/4nFyQK1PAMiSgFw40
t+qCtntVm1YmTDtLjnurls8C/pQUlCe61LQoJa7imWjbMYDyPCi2IGft+FOJ7dDo
Fvn7ufb4eDW1h/R72Is5xyUZT+9DtsGwNK+uPUBiTq56bxYdK5O1nrND4FmQv2OU
PTTZatB0cI9KE4WePdjzQHTGhAvNEcOd2tgnTIGHOXKSBr4Tk0GljHo31WDALRM8
XWr6vofrDu3lzCIKh5kcEJQMvlq0mci7UXkr11UUy7DBoExVdyHmiLrgBsMxuphN
+Pf830UJPoiNg6KZ4du6Gz++wSlBPhdpVJft4nTqSROR8j7U/LoPVQVojS2hmuRb
OoURlpVd1h/pxTjHJpFnJ4x5nQNKwZwLhvY9wktvPXUQXdNDXBQNzseLZ3K+P3En
LdgTv/85+rufKwRWbTwewTjETTvfpVT//PzDQ7WhslCKvbR3oF+WKv0HaDZBhpKz
azsCUQCBkaOPbt0piRKCEUDeamhQ/xr0Kdbt6F/4AAsuLS74y99yZo/LQpVrKz0N
wu3IBDznhmuqHMFuEOft2vqGdZhe8qRe2L3J0WzUKgcFeOa3fqPI4LyvudSBVP0L
/cN4LNDeptMpc6MLgqnpEs3H+os=
=Dcj8
-----END PGP PUBLIC KEY BLOCK-----

Whitehat Hall of Fame

We maintain a list of all Whitehat Security Researchers who help us find a fix vulnerabilities.  Special thanks goes out to all these researchers!